From 1383677642b3e8136124e6b3baa7a94171d97a49 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Sun, 16 Jan 2022 23:28:13 -0500
Subject: [PATCH] kdc: update_csr do not leak error messages

Change-Id: I478bf001ebf555dce067916e7198053ef3a0bd08
---
 kdc/kx509.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/kdc/kx509.c b/kdc/kx509.c
index a47df4db2..a13c08325 100644
--- a/kdc/kx509.c
+++ b/kdc/kx509.c
@@ -542,12 +542,13 @@ update_csr(krb5_context context, kx509_req_context reqctx, Extensions *exts)
         }
     }
     if (ret) {
+	char *emsg = krb5_get_error_message(context, ret);
         kdc_log(context, reqctx->config, 1,
-                "Error handling requested extensions: %s",
-                krb5_get_error_message(context, ret));
+                "Error handling requested extensions: %s", emsg);
         _kdc_audit_addreason((kdc_request_t)reqctx,
                              "Error handling requested extensions: %s",
-                             krb5_get_error_message(context, ret));
+                             emsg);
+	krb5_free_error_message(context, emsg);
     }
     return ret;
 }